Example:
Assume C is a Certificate Authority issuing digital certificates to two peers A and B. A is the subject here, requesting a digital certificate from the issuer. C confirms the identity of A by asking for a few of A's credentials. Once the issuer, i.e., C, is satisfied with the true identity of A, a digital certificate is constructed using a computer program. The input data to this program are A's public key, A's name as the subject and C's name as the issuer. With the given data, the program calculates a digital checksum over the combination of the above inputs and encrypts it using C's private key. Now B wants A's public key. B locates A's digital certificate and validates it using the public key of the issuer, C.
For validation, B separates the encrypted checksum from the digital certificate and a checksum is calculated over the remainder of the data structure. B then decrypts the original checksum with C's public key and compares the two checksums. If the checksums match, it indicates that C is the true issuer of the certificate containing the required information.
The certificate thus issued is self-authenticating because both peers trust the CA and have its public key available. This authentication method uses X.509 certificates to verify the authenticity of the IPSec peer.
Advantage:
Added flexibility. If a client is compromised, its client certificate is revoked rather than every client being reconfigured.
Disadvantage:
Certificate-based authentication makes VPN clients and gateways dependent on third-party sources, which also adds complexity.
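The issuance and validation steps above, together with the revocation point made under "Advantage", as an added worked example that is not part of the original text. It models C, A and B with a toy RSA signature: the "encrypt with C's private key / decrypt with C's public key" steps of the text are the signing and verification of the checksum. The serial number, the `revoked_serials` set and all key sizes are assumptions made for illustration; textbook RSA without padding is used only so the example runs on the standard library, and real deployments use X.509 through a vetted library.

```python
import hashlib
import json
import random

# Toy model of the C -> A -> B flow: C computes a checksum over (A's public key,
# A's name, C's name) and "encrypts" it with C's private key (i.e. signs it);
# B recomputes the checksum, "decrypts" the stored one with C's public key and
# compares. Unpadded textbook RSA keeps the example self-contained; it is NOT a
# substitute for X.509 and a vetted library.

def _is_probable_prime(n, rounds=20):
    """Miller-Rabin probable-prime test (sufficient for an illustration)."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = random.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits):
    while True:
        cand = random.getrandbits(bits) | (1 << (bits - 1)) | 1  # top bit set, odd
        if _is_probable_prime(cand):
            return cand

def generate_keypair(bits=512):
    """Return (public, private) toy RSA keys; 512 bits is for speed, not security."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            break
    n = p * q
    return {"n": n, "e": e}, {"n": n, "d": pow(e, -1, phi)}

def _checksum(tbs):
    """Digital checksum over the to-be-signed fields, canonically serialized."""
    data = json.dumps(tbs, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def issue_certificate(subject_name, subject_pub, issuer_name, issuer_priv, serial):
    """C's side: build the certificate and encrypt the checksum with C's private key."""
    tbs = {"serial": serial, "subject": subject_name,
           "subject_public_key": subject_pub, "issuer": issuer_name}
    signature = pow(_checksum(tbs), issuer_priv["d"], issuer_priv["n"])
    return {"tbs": tbs, "signature": signature}

def validate_certificate(cert, issuer_pub, revoked_serials=frozenset()):
    """B's side: separate the encrypted checksum, recompute, decrypt, compare.
    `revoked_serials` (assumed here) models the revocation list: a compromised
    client is handled by listing its serial, not by reconfiguring every peer."""
    if cert["tbs"]["serial"] in revoked_serials:
        return False
    recovered = pow(cert["signature"], issuer_pub["e"], issuer_pub["n"])
    return recovered == _checksum(cert["tbs"])

def demo():
    """Issue A's certificate under C, then check it as B would in several situations."""
    c_pub, c_priv = generate_keypair()
    a_pub, _a_priv = generate_keypair()
    cert = issue_certificate("A", a_pub, "C", c_priv, serial=1001)
    genuine = validate_certificate(cert, c_pub)
    # Same certificate after its serial is revoked (compromised-client scenario)
    revoked = validate_certificate(cert, c_pub, revoked_serials={1001})
    # A copy whose embedded public key was swapped must fail the checksum comparison
    forged = {"tbs": dict(cert["tbs"], subject_public_key=generate_keypair()[0]),
              "signature": cert["signature"]}
    forged_ok = validate_certificate(forged, c_pub)
    # Validation against a different CA's public key must also fail
    other_ca_pub, _ = generate_keypair()
    wrong_issuer = validate_certificate(cert, other_ca_pub)
    return {"genuine": genuine, "revoked": revoked,
            "forged": forged_ok, "wrong_issuer": wrong_issuer}

if __name__ == "__main__":
    print(demo())
```

The canonical JSON serialization in `_checksum` is what makes the two checksums comparable: issuer and verifier must hash exactly the same bytes, which is the role DER encoding plays for real X.509 certificates.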
3.3 Comparative Analysis of Different Architectures
There exist different approaches [21] through which data can be accessed across a VPN: host-to-host, site-to-site and remote access configurations. The advantages and disadvantages of each have been studied to select the most suitable one. Site-to-site VPNs are built when data is accessed across different geographical locations or across different subnets. Host-to-host configurations establish connections between two different hosts, initiated by either one. This approach is suitable for communicating with a remote web server or a backup system. Remote access VPNs are usually set up for connecting from a remote place to the home network, in so-called "road-warrior" scenarios.